Juniper Firewall Vulnerabilities Exposed
Recent findings indicate that nearly 12,000 online Juniper firewall devices are susceptible to a newly disclosed remote code execution flaw.
The new exploit for CVE-2023-36845, developed by VulnCheck, allows unauthorized, remote attackers to run arbitrary code on Juniper firewalls without creating any files. The vulnerability, rated medium-severity, is located in the J-Web component of Junos OS. Threat actors could exploit it to control important environment variables. Juniper Networks addressed this flaw last month with an emergency update, which also covered CVE-2023-36844, CVE-2023-36846, and CVE-2023-36847.
WatchTowr's subsequent proof-of-concept exploit chained CVE-2023-36846 and CVE-2023-36845 to upload a PHP file embedded with harmful shellcode, achieving code execution. The most recent exploit, however, affects older models and consists of a single cURL command, relying solely on CVE-2023-36845 to accomplish its goal.
Jacob Baines stated, "Firewalls are prime targets for APTs since they provide access to the safeguarded network and can be useful for C2 infrastructure. If you possess an unpatched Juniper firewall, scrutinize it for compromise indicators."
While Juniper confirmed it is unaware of any successful exploitation targeting its customers, it has observed attempts and urges users to apply the necessary patches to fend off potential threats.